There are 2 issues that I can see implementing it in this manner. 1. SASL doesn't use a standard set of credentials, it uses a challenge/response mechanism. So I guess that the credential Object would have to be some kind of interface allowing a callback. Not impossible, but requires a messy cast, and how this interacts with a JAAS LoginContext/CallbackHandler is not clear to me. 2. The Java SASL implementation requires that you pass the user's expected password into the SASL engine during the authentication process. This means I need to call the protected getUsersPassword() method from the UsernamePasswordLoginModule. The only way to access this method (in a non-evil manner) is to make the functionality part of that class hierarchy. Mike. View the original post : http://www.jboss.com/index.html?module=bb&op=viewtopic&p=4047926#... Reply to the post : http://www.jboss.com/index.html?module=bb&op=posting&mode=reply&a...